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CLAIM AMENDMENTS 

1 - 32. (Cancelled). 

33. (Currently Amended). A method for enforcing a selected policy from a set of 
polices maintained by a policy server to be applied to a user interconnected to a network 
through a communication path, wherein the network includes a gateway and one or more 
resources, comprising: 

receiving, by the gateway, a request from the user to access the one or more resources 
on the network; 

selecting a user object from a plurality of stored objects, wherein the user object 
corresponds to the user and includes a set of attributes comprising a group to which the user 
belongs , a user name, password, and an override attribute ; 

determining whether to grant or deny access to the network based upon the user name 
and password; 

identifying a profile that applies to the user based on the set of attributes , including 
the group to which the user belongs , wherein the profile includes an authorization parameter 
and a communication parameter; 

determining, by the gateway, whether to grant or deny access to the on e or mor e 
resources on the network based upon the authorization parameter; and 

configuring the communication path , including setting quality of service (QOS), 
based upon the communication parameter. 

34. (Previously Presented). The method of claim 33, wherein the network is a 
virtual network. 

35. (Cancelled). 

36. (Cancelled). 

37. (Previously Presented). The method of claim 33, further comprising: 
determining a characteristic of the communication path between the user and the 

gateway; and 
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determining, at the gateway, whether to grant or deny access to the one or more 
resources on the network based on the determined characteristic. 

38. (Previously Presented). The method of claim 37, wherein the characteristic of 
the communication path is a call-back number. 

39. (Previously Presented). The method of claim 37, wherein the characteristic is 
a medium type. 

40. (Previously Presented). The method of claim 33, wherein the gateway is 
interposed between the user and each of the resources on the network. 

41. (Currently Amended). The method of claim 33, further comprising: 
replacing the authorization parameter with an the override attribute. 

42. (Currently Amended). The method of claim 33, further comprising: 
replacing the communication parameter with an the override attribute. 

43. (Previously Presented). The method of claim 33, wherein the communication 
parameter includes an authentication type and the step of configuring the communication 
path comprises setting the authentication type to be applied to the user. 

44. (Previously Presented). The method of claim 33, wherein the step of 
configuring the communication path comprises setting a bandwidth. 

45. (Previously Presented). The method of claim 33, wherein the step of 
configuring the communication path comprises establishing a network address assigned to 
the user. 

46. (Previously Presented). The method of claim 33, wherein the step of 
configuring the communication path comprises establishing an encryption level to be applied 
to communications between the user and the network. 
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47. (Previously Presented). The method of claim 33, wherein the authorization 
parameter represents a time of day during which the user is permitted to access the network. 

48. (Previously Presented). The method of claim 33, wherein the authorization 
parameter represents a phone number from which the user is permitted to call and access the 
network. 

49. (Currently Amended). A computer-readable medium having computer- 
readable instructions for a method for enforcing a selected policy from a set of polices 
maintained by a policy server to be applied to a user interconnected to a network through a 
communication path, wherein the network includes a gateway and one or more resources, 
comprising: 

receiving, by the gateway, a request from the user to access the one or more resources 
on the network; 

selecting a user object from a plurality of stored objects, wherein the user object 
corresponds to the user and includes a set of attributes comprising a group to which the user 
belongs , a user name, password, and an override attribute ; 

determining whether to grant or deny access to the network based upon the user name 
and password; 

identifying a profile that applies to the user based on the set of attributes, including 
the group to which the user belongs, wherein the profile includes an authorization parameter 
and a communication parameter; 

determining, by the gateway, whether to grant or deny access to the on e or mor e 
resources on the network based upon the authorization parameter; and 

configuring the communication pat h, including setting quality of service (QOS), 
based upon the communication parameter. 

50. (Previously Presented). The computer-readable medium of claim 49, wherein 
the network is a virtual network. 

51. (Cancelled). 

52. (Cancelled). 
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53. (Previously Presented). The computer-readable medium of claim 49, further 
comprising: 

determining a characteristic of the communication path between the user and the 
gateway; and 

determining, at the gateway, whether to grant or deny access to the one or more 
resources on the network based upon the determined characteristic. 

54. (Currently Amended). The computer-readable medium of claim 49, further 
comprising: 

replacing the authorization parameter with an the override attribute. 

55. (Currently Amended). The computer-readable medium of claim 49, further 
comprising: 

replacing the communication parameter with an the override attribute. 

56. (Previously Presented). The computer-readable medium of claim 49, wherein 
the communication parameter includes an authentication type and the step of configuring the 
communication path comprises setting the authentication type to be applied to the user. 

57. (Previously Presented). The computer-readable medium of claim 49, wherein 
the step of configuring the communication path comprises setting a bandwidth. 

58. (Previously Presented). The computer-readable medium of claim 49, wherein 
the step of configuring the communication path comprises establishing a network address 
assigned to the user. 

59. (Previously Presented). The computer-readable medium of claim 49, wherein 
the step of configuring the communication path comprises establishing an encryption level to 
be applied to communications between the user and the network. 
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